Re: Handling of empty secrets

From: Dan Williams <dcbw redhat com>
To: José Queiroz <zekkerj gmail com>
Cc: networkmanager-list gnome org
Subject: Re: Handling of empty secrets
Date: Wed, 06 Apr 2011 17:04:24 -0500

On Tue, 2011-04-05 at 12:19 -0300, José Queiroz wrote:
> 
> 
> Em 2011/4/5 Dan Williams <dcbw redhat com>
>                 What situations do you need these in? (empty secrets)
>         
>         
> Said you have a certificate-based VPN connection. As each VPN user
> have its own certificate, and certificate's key is password protected,
> one can assume that no further authentication is needed.

If the certificate is password protected then there's your secret: the
private key password that must be entered to unlock the private key.
I'm not really sure what purpose having a blank private key password
would solve here, given that it's pretty easy to figure out if the
private key is encrypted or not.  The openvpn plugin does this, there's
a function called "is_encrypted" that checks whether the private key is
indeed encrypted, and if so, it tells NM that it needs the private key
password to continue.  Or an I not understanding?

Dan

References:
- Re: Handling of empty secrets
  - From: Dan Williams
- Re: Handling of empty secrets
  - From: =?ISO-8859-1?Q?Jos=E9_Queiroz?=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]